[SingCERT] Advisory on Intel Firmware Vulnerabilities

Published on Thursday, 23 November 2017 17:13


Intel manufactures processors that reside in computers and other devices. These processors execute instructions which will then perform specific actions.

On 20th November 2017, Intel announced security vulnerabilities (CVE-2017-5705 to CVE-2017-5712) in Intel Core processors manufactured from 2015 onwards. These vulnerabilities could lead to remote code execution (RCE) on certain PCs, servers, and Internet-of-Things (IoT) platforms.

Affected products include:

  • 6th (Skylake), 7th (Kaby Lake) & 8th (Kaby Lake-R and Coffee Lake) Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ N and J series Processors


A successful exploit could allow attackers to remotely execute arbitrary code to perform a variety of malicious tasks such as gain access to privileged system information, cause system instability, as well as obtain sensitive information.


SingCERT recommends users to install and update affected products to the latest firmware as soon as possible.

For enterprises, download the detection tool via https://downloadcenter.intel.com/download/27150 to identify the security vulnerabilities in Windows and Linux.